5224 matches found

Cisco
added 2018/04/18 4:0 p.m. | 44 views

Cisco Identity Services Engine Shell Access Vulnerability

A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking...

CVSS 6.7 | AI score 1.8 | EPSS 0.00349
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 56 views

Cisco Unified Communications Manager LDAP Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web...

CVSS 5.5 | AI score 0.9 | EPSS 0.00364
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 53 views

Cisco WebEx Clients Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An...

CVSS 9 | AI score 2.4 | EPSS 0.027
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 80 views

Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected. The...

CVSS 5.8 | AI score 5.8 | EPSS 0.01229
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 58 views

Cisco Wireless LAN Controller Default Simple Network Management Protocol Community Strings

With new installations of Cisco Wireless LAN Controller Software, the installation scripts create default communities for Simple Network Management Protocol (SNMP) Version 2 (SNMPv2) and a default username for SNMP Version 3 (SNMPv3), both allowing for read and write access. As documented in the Cisco...

AI score 0.7
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 44 views

Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability

A vulnerability in the Login screen of the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Th...

CVSS 6.1 | AI score 6 | EPSS 0.01799
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 46 views

Cisco WebEx Connect IM Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affect...

CVSS 6.1 | AI score 1.2 | EPSS 0.00918
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 174 views

Cisco Firepower System Software Intelligent Application Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured. The vulnerability is due to incorrect...

CVSS 5.8 | AI score 5.5 | EPSS 0.01229
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 105 views

Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability

A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100 percent utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability i...

CVSS 8.6 | AI score 8.4 | EPSS 0.03612
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 56 views

Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps...

CVSS 7.5 | AI score 8.2 | EPSS 0.02047
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 76 views

Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability

A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an...

CVSS 6.1 | AI score 6 | EPSS 0.0189
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 74 views

Cisco MATE Collector Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the...

CVSS 5.3 | AI score 2.5 | EPSS 0.0071
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 43 views

Cisco cBR Series Converged Broadband Routers High CPU Usage Denial of Service Vulnerability

A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect handling of...

CVSS 4.3 | AI score 2.7 | EPSS 0.00804
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 97 views

Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability

A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition...

CVSS 8.6 | AI score 8.6 | EPSS 0.046
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 81 views

Cisco Industrial Ethernet Switches Device Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the devic...

CVSS 8.8 | AI score 3.2 | EPSS 0.00936
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 53 views

Cisco StarOS Interface Forwarding Denial of Service Vulnerability

A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to...

CVSS 8.6 | AI score 1.5 | EPSS 0.03446
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 56 views

Cisco Firepower 2100 Series Security Appliances IP Fragmentation Denial of Service Vulnerability

A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of servi...

CVSS 8.6 | AI score 8.6 | EPSS 0.0184
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 42 views

Cisco UCS Director Virtual Machine Information Disclosure Vulnerability for End User Portal

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any permitted operations on a...

CVSS 9.1 | AI score 1.2 | EPSS 0.05182
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 104 views

Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service Vulnerabilities

Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of servi...

CVSS 8.6 | AI score 8.7 | EPSS 0.0386
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 37 views

Cisco Packet Data Network Gateway Peer-to-Peer Message Processing Denial of Service Vulnerability

A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerabilit...

CVSS 5.8 | AI score 2.1 | EPSS 0.01607
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 38 views

Cisco StarOS IPsec Manager Denial of Service Vulnerability

A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being...

CVSS 5.3 | AI score 1.1 | EPSS 0.03286
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 49 views

Cisco DNA Center Cross Origin Resource Sharing Vulnerability

A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy...

CVSS 5.4 | AI score 0.6 | EPSS 0.0132
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 63 views

Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability

A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IP...

CVSS 7.4 | AI score 1.9 | EPSS 0.00856
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 39 views

Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a...

CVSS 8.6 | AI score 1.7 | EPSS 0.02483
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 38 views

Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability

A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffi...

CVSS 8.6 | AI score 2.3 | EPSS 0.07074
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 59 views

Cisco IOS XE Software CLI Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute comman...

CVSS 5.3 | AI score 3.2
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 47 views

Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected...

CVSS 8.6 | AI score 1.4 | EPSS 0.07613
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 181 views

Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on a...

CVSS 8.8 | AI score 8.7
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 41 views

Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a condition that could occur wh...

CVSS 7.7 | AI score 1.9 | EPSS 0.04746
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 53 views

Cisco IOS Software Login Enhancements Login Block Denial of Service Vulnerabilities

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details...

CVSS 6.8 | AI score 1.2 | EPSS 0.05051
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 51 views

Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability

A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads ...

CVSS 8.6 | AI score 1 | EPSS 0.03893
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 61 views

Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to...

CVSS 8.6 | AI score 1.9 | EPSS 0.07194
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 53 views

Cisco IOS XE Software Web UI Remote Access Privilege Escalation Vulnerability

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An...

CVSS 8.8 | AI score 2.4 | EPSS 0.03319
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 31 views

Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

CVSS 6.7 | AI score 3.7 | EPSS 0.00424
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 48 views

Cisco IOS Software 802.1x Multiple-Authentication Port Authentication Bypass Vulnerability

A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker...

CVSS 6.5 | AI score 1.3 | EPSS 0.0066
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 42 views

Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service Vulnerability

A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an...

CVSS 8.6 | AI score 1.7 | EPSS 0.02743
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 130 views

Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. A...

CVSS 8.6 | AI score 1.8 | EPSS 0.08369
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 65 views

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability

A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is...

CVSS 8.6 | AI score 2.5 | EPSS 0.06874
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 83 views

Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected softwa...

CVSS 7.8 | AI score 2.5
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 35 views

Cisco IOS XE Software REST API Authorization Bypass Vulnerability

A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to t...

CVSS 5 | AI score 2.6 | EPSS 0.01329
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 45 views

Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability

A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the...

CVSS 7.4 | AI score 2.2 | EPSS 0.00737
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 89 views

Cisco IOS XE Software Switch Integrated Security Features IPv6 Denial of Service Vulnerability

A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets. An attacker could exploit this vulnerability by sending...

CVSS 6.8 | AI score 1.6 | EPSS 0.01936
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 312 views

Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds...

CVSS 9.8 | AI score 2.5 | EPSS 0.14204
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 30 views

Cisco IOS XE Software Arbitrary File Write Vulnerability

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web...

CVSS 4.9 | AI score 1.9 | EPSS 0.01029
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 73 views

Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability

A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The...

CVSS 8.6 | AI score 1.3 | EPSS 0.07613
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 101 views

Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected...

CVSS 8.6 | AI score 1.5 | EPSS 0.07824
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 56 views

Cisco IOS XE Software Web UI Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation...

CVSS 6.1 | AI score 6.3
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 48 views

Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service Vulnerability

A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker...

CVSS 7.7 | AI score 2 | EPSS 0.01662
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 100 views

Cisco IOS XE Software Static Credential Vulnerability

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot. The vulnerability is due to an undocumented user account with...

CVSS 9.8 | AI score 2.2 | EPSS 0.04823
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 84 views

Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. Th...

CVSS 8.6 | AI score 8.3 | EPSS 0.07747
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5224